package CoreClass;

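/**
 * Request filter that rejects form, query-string and free-text values containing
 * a fixed list of SQL-looking substrings, and that compares the Referer host with
 * the server name.
 *
 * Security notes for maintainers:
 * - The substring list is defense in depth only. It blocks ordinary words that
 *   contain "and" or "mid" and it does not make string-built SQL safe; queries
 *   that use these values should be parameterized regardless of this filter.
 * - The Referer header is supplied by the client. Its absence or value is a
 *   weak signal and is not a substitute for an anti-forgery token.
 * - Every rejection is reported by registering a client-side script. Server-side
 *   enforcement depends on the caller acting on the boolean return values.
 */
public class Check_sql extends Page
{
	/** Page whose request is inspected and on which the startup scripts are registered. */
	protected Page thisPage;

	// Substrings searched for in the lower-cased value; same list as the original checks.
	// NOTE(review): "delete%20from" only matches a value that is still URL-encoded;
	// confirm whether the framework decodes Form/QueryString values before this runs.
	private static final String[] BLOCKED_TOKENS =
	{
		"'", "and", "select", "update", "chr", "delete%20from", ";", "insert", "mid", "master."
	};

	// Alert shown on rejection; the text reads "An error occurred! Your input must not
	// contain: ;,and,select,update,insert,delete,chr and other illegal characters!".
	// The line breaks are written as the JavaScript escape (backslash-n) because a raw
	// line feed inside a quoted JavaScript string is a syntax error, which kept the
	// original alert and the history.back() navigation from running.
	private static final String REJECT_SCRIPT =
		"<Script Language=JavaScript>alert('\u51fa\u73b0\u9519\u8bef\uff01\u5728\u4f60\u8f93\u5165\u7684\u5185\u5bb9\u4e2d\u4e0d\u8981\u51fa\u73b0\uff1a"
		+ "\\n\\n ;,and,select,update,insert,delete,chr \u7b49\u975e\u6cd5\u5b57\u7b26\uff01');location.href='javascript:history.back()';</Script>";

	// Script registered after a failed Referer check to close the window.
	private static final String CLOSE_SCRIPT =
		"<script language=javascript>window.opener=null;window.close();</script>";

	/**
	 * Binds the filter to a page and runs the Referer and query-string check once.
	 *
	 * @param sPage page whose request is inspected
	 */
	public Check_sql(Page sPage)
	{
		this.thisPage = sPage;
		// NOTE(review): the result is discarded here, so a failed check only registers
		// client-side scripts. Callers that need enforcement must call urlCheck_sql()
		// themselves and stop processing when it returns false.
		this.urlCheck_sql();
	}

	/**
	 * Checks every posted form value against the blocked-substring list.
	 *
	 * @return false (after registering the rejection script) if any value matches, true otherwise
	 */
	public final boolean Check_From_Sql()
	{
		return this.checkCollection(this.thisPage.Request.Form);
	}

	/**
	 * Checks a single text value against the blocked-substring list.
	 *
	 * The comparison is case-insensitive, matching the form and query-string checks;
	 * the original compared the raw text, so upper-case or mixed-case keywords passed.
	 *
	 * @param from_text text to inspect; null is treated as containing nothing blocked
	 * @return false (after registering the rejection script) if the text matches, true otherwise
	 */
	public final boolean Check_Text_Sql(String from_text)
	{
		if (containsBlockedToken(from_text))
		{
			this.rejectInput();
			return false;
		}
		return true;
	}

	/**
	 * Registers a startup script that shows the message in a JavaScript alert.
	 *
	 * @param p_strShowMessage text placed inside the alert's single-quoted string
	 */
	public final void showMessage(String p_strShowMessage)
	{
		// NOTE(review): the message is concatenated into the script unescaped. Callers in
		// this class pass constants only; any caller passing request-derived text must
		// encode it for a JavaScript string inside an HTML script element first.
		this.thisPage.RegisterStartupScript("01", "<script language=javascript> alert('" + p_strShowMessage + "')</script>");
	}

	/**
	 * Requires a Referer whose host equals the server name, then checks every
	 * query-string value against the blocked-substring list.
	 *
	 * @return false if the Referer is missing, is from another host, or a value matches; true otherwise
	 */
	public final boolean urlCheck_sql()
	{
		if (this.thisPage.Request.ServerVariables["HTTP_REFERER"] == null)
		{
			// "Warning! Submitting data via URL is not allowed!! The page will close!!"
			this.showMessage("\u8b66\u544a\uff01\u4e0d\u5141\u8bb8\u901a\u8fc7Url\u63d0\u4ea4\u6570\u636e\uff01\uff01\u9875\u9762\u5373\u5c06\u5173\u95ed\uff01\uff01");
			this.thisPage.RegisterStartupScript("02", CLOSE_SCRIPT);
			return false;
		}
		String str_httpReferer = this.thisPage.Request.ServerVariables["HTTP_REFERER"].toString();
		String str_httpServerName = this.thisPage.Request.ServerVariables["SERVER_NAME"].toString();
		// Compare the whole host. The original compared a fixed-offset prefix, which threw
		// on a short Referer, never matched an https Referer, and accepted any foreign host
		// that merely begins with the server name.
		String refererHost = extractHost(str_httpReferer);
		if (refererHost == null || !refererHost.equalsIgnoreCase(str_httpServerName))
		{
			// "Warning! You are submitting data from outside!! The page will close!!"
			this.showMessage("\u8b66\u544a\uff01\u4f60\u6b63\u5728\u4ece\u5916\u90e8\u63d0\u4ea4\u6570\u636e\uff01\uff01\u9875\u9762\u5373\u5c06\u5173\u95ed\uff01\uff01");
			this.thisPage.RegisterStartupScript("02", CLOSE_SCRIPT);
			return false;
		}
		return this.checkCollection(this.thisPage.Request.QueryString);
	}

	// Scans every value of every key, so a repeated parameter is checked in full
	// (the original looked at the first value only and failed on a key with no values).
	private boolean checkCollection(NameValueCollection fields)
	{
		for (int i = 0; i < fields.size(); i++)
		{
			String[] values = fields.GetValues(i);
			if (values == null)
			{
				continue;
			}
			for (String value : values)
			{
				if (containsBlockedToken(value))
				{
					this.rejectInput();
					return false;
				}
			}
		}
		return true;
	}

	// Registers the shared rejection alert under the key the original used.
	private void rejectInput()
	{
		this.thisPage.RegisterStartupScript("03", REJECT_SCRIPT);
	}

	// True if the lower-cased text contains any blocked substring; null never matches.
	private static boolean containsBlockedToken(String text)
	{
		if (text == null)
		{
			return false;
		}
		// Locale.ROOT keeps the lowering independent of the server's default locale,
		// where a Turkish-style mapping of 'I' would let "INSERT" slip past "insert".
		String lowered = text.toLowerCase(java.util.Locale.ROOT);
		for (String token : BLOCKED_TOKENS)
		{
			if (lowered.contains(token))
			{
				return true;
			}
		}
		return false;
	}

	// Returns the host part of an http or https URL, or null when it cannot be isolated.
	private static String extractHost(String referer)
	{
		int start;
		if (referer.regionMatches(true, 0, "http://", 0, 7))
		{
			start = 7;
		}
		else if (referer.regionMatches(true, 0, "https://", 0, 8))
		{
			start = 8;
		}
		else
		{
			return null;
		}
		int end = start;
		while (end < referer.length() && "/?#".indexOf(referer.charAt(end)) < 0)
		{
			end++;
		}
		String authority = referer.substring(start, end);
		// A user-info part would let "server@other-host" pose as the server name; refuse it.
		if (authority.isEmpty() || authority.indexOf('@') >= 0)
		{
			return null;
		}
		if (authority.startsWith("["))
		{
			// Bracketed IPv6 literal: keep the brackets, drop any port after them.
			int close = authority.indexOf(']');
			return close < 0 ? null : authority.substring(0, close + 1);
		}
		int colon = authority.indexOf(':');
		return colon < 0 ? authority : authority.substring(0, colon);
	}
}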